the grugq's newsletter

Subscribe
Archives
October 8, 2025

October 8, 2025

October 8, 2025

https://t.co/VswrXw9ZjZ pic.twitter.com/mukGkzNca6

— Damin Toell (@damintoell) October 7, 2025


POChttps://t.co/6VziQNQ76p https://t.co/ThRHBbU2Ef

— Florian Roth ⚡️ (@cyb3rops) October 7, 2025


Almost every single "I've been hacked" story starts off with "so a random stranger reached out to me on discord"

It seems like this is very easy to avoid by simply ignoring random strangers on discord. pic.twitter.com/gwRjGeQlmP

— karbon 🐺🦊 (@basedkarbon) October 6, 2025


GitHub - JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025).

CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati...


RediShell exploit :

- https://t.co/c62EOIBO0F#infosec #cybersec #bugbountytips https://t.co/CHVdpZuoXR pic.twitter.com/5BP5DIu1Mx

— Md Ismail Šojal 🕷️ (@0x0SojalSec) October 7, 2025


Don't miss what's next. Subscribe to the grugq's newsletter:
Start the conversation:
X